UNIX-WIZARDS Digest V3#078

black at ee.UCLA.EDU
Thu Mar 12 13:02:29 AEST 1987


> What Black really doesn't like is (1) that the knowledge acquired
> by the team in trying to break into our system can then be applied
> to other, probably less secure, Unix systems and (2) that the
> team will be made up of students, who he apparently considers less
> trustworthy than himself.  

I have a feeling I'm gonna get shredded on this issue, but I've
got to stick by my guns.  My main failure was not suggesting a
reasonable alternative; as usual, that resulted in misunderstanding.

The things I *really* don't like are:  

1) Gould is not going to take the results of these experiments and
   pass them on to other UNIX OS writers.  (I may be wrong.  However, 
   the posting did not mention any planned distribution of results.)  
   Under ordinary circumstances, Gould would be under no obligation to 
   share trade secrets that it had spent money to obtain.  However, in 
   this case it *is* obligated to share this info because, by the very 
   act of obtaining it, it has placed other, less secure sites in greater
   potential danger than they were in before it assembled this team.

2) I deliberately pointed out that I would personally refuse to be 
   involved in such an experiment.  It's kind of like Pandora's box--
   it's quite possible that everyone involved in this project will 
   find that this knowledge is not a temptation.  But, as a very
   wise fortune cookie once told me:  "The problem with resisting
   temptation is that it may never come again."

My solution would not be to "stick your head in the sand" as one
person suggested.  I would think that Gould could find a group of
excellent programmers--perhaps hire some professors or professionals
as consultants--and organize their own, paid attack team.  These
people would then have a vested interest in not misusing the 
information they'd obtained.  

'Nough said.

Rex Black
	
black at ee.ucla.edu                                          ARPA        
...!{ihnp4,ucbvax,sdcrdcf,trwspp}!ucla-cs!uclaee!black     UUCP

Disclaimer:  Once again, these opinions are my own and may or may not
be shared by the UCLA Administration or any of its employees.


